from the don't-screw-this-up dept

The plan was unveiled on Monday at a brief but highly choreographed news conference in Manhattan, where Jay Z stood alongside more than a dozen musicians identified as Tidal’s owners. They included Rihanna, Kanye West, Madonna, Nicki Minaj, Jack White, Alicia Keys, the country singer Jason Aldean, the French dance duo Daft Punk (in signature robot costumes), members of Arcade Fire, and Beyonce, Jay Z’s wife.

So, we have all of these artists, taking on Dr. Dre and Trent Reznor who were the keys to Beats Music, which Apple is getting set to relaunch. Jay-Z is positioning Tidal as more friendly to artists -- though that was also the marketing claim behind Beats, and then it failed to attract too many users, in large part because there was no free, ad-supported tier. Of course, it's one thing if you're one of those megastars listed above, who get some equity stake in Tidal, but what about every other musician? Is it really going to be that good of a deal for them? Jay-Z and crew insist they'll be paying better rates than competitors, but considering competitors still can't get anywhere near profitability, it seems reasonable to question if Tidal can actually make any money at all. It's one thing to say you're going to pay artists more. It's another to defy basic economics.

Tidal also has no free, ad-supported tier, but does have a more expensive $20 tier for higher quality sound, which may attract random audiophiles, but not much more than that. Indeed, the recording industry (and many artists) have been pushing back against the free tiers that already exist. Universal Music has been demanding Spotify cut back on its free tier. And Universal's CEO Lucian Grange has been using every opportunity to complain about "freemium" music plans. Now owned by Apple, Beats wanted to offer service cheaper than the standard $10/month and the record labels said no.

And, of course, now Jay-Z is bashing free music tiers as well:

“The challenge is to get everyone to respect music again, to recognize its value,” said Jay Z, whose real name is Shawn Carter. “Water is free. Music is $6 but no one wants to pay for music. You should drink free water from the tap — it’s a beautiful thing. And if you want to hear the most beautiful song, then support the artist.”

That's kind of nonsensical in a variety of ways. Every time we've heard people talking about getting people to "respect music again" or "recognize its value," the projects have failed (often miserably), because they're not at all focused on what music fans actually want. Rather they're focused on trying to change the behavior of music fans and that's really, really, really difficult -- especially when you're not really offering that much that's different.

But Jay-Z has a plan to get around that: exclusive deals.

Over the weekend, the Swedish blog Breakit reported — citing sources close to the deal — that Tidal’s plan of attack will be to ink first-window deals with the artists, where Tidal would get first releases of tracks from big-name artists ahead of any other digital streaming services. This would be exclusive, but only for a period: Spotify, Deezer and others would eventually also get these tracks, but only later.

At least they'll go up on other services later, but this seems like a dangerous path to go down. Again, rather than focusing on providing more value the focus seems to be on taking away value from other services: ending free streaming deals and doing exclusives to fragment the market and make it harder for fans to actually listen to what they want, when they want it and how they want it.

That's the wrong lesson to get at this stage of the game. We've gone through nearly two decades of the recording industry fighting the internet at every turn, and now that we're finally starting to see some services that actually cater to what people want, the old industry players are jumping in and trying to kill the golden goose yet again. Any time any service shows that it can attract a lot of users, the recording industry tries to figure out a way to bleed it dry as quickly as possible, rather than helping it grow and building out more value for users.

More competition in the online music space is a great thing. But the trend towards locking stuff up, and taking away the value to music fans, while similarly jacking up the prices, doesn't seem like a productive path. It seems like one that is just going to annoy fans and push them back towards unauthorized alternatives.

from the the-TV-revolution-will-not-be-televised dept

For years now, media reports have suggested that Apple has dreamed of offering a disruptive broadband TV streaming service that rattles the status quo. The problem for Apple (and countless companies before it) has been that the broadcasters in charge of said status quo haven't historically been willing to budge on the kind of flexible licensing needed to make this dream a reality. That has resulted in year after year of Apple TV service rumors that never materialize as Apple repeatedly ran face first into licensing negotiations. Similarly, cable operators, wary of Apple getting the same kind of power it now wields in the music industry and losing set top revenues, haven't been keen on Apple's proposals for Apple-made set top boxes.

Just about a year ago, the Wall Street Journal ran a story stating that Apple was in negotiations with Comcast regarding an internet TV service that would get priority over Comcast's network. One year later, and a new Wall Street Journal report notes that while a new Apple TV service is finally slated to launch this fall (and the Apple rumor gods really, really mean it this time), it's going to likely be without Comcast/NBC Universal content. Why? Apple insiders claim Comcast is stringing the company along to delay Apple while it focuses on its own efforts:

"For now, the talks don’t involve NBCUniversal, owner of the NBC broadcast network and cable channels like USA and Bravo, because of a falling-out between Apple and NBCUniversal parent company Comcast Corp., the people familiar with the matter said. Apple and Comcast were in talks as recently as last year about working together on a streaming television platform that would combine Apple’s expertise in user interfaces with Comcast’s strength in broadband delivery. Apple came to believe that Comcast was stringing it along while the cable giant focused on its own X1 Web-enabled set-top box, the people said."

Meanwhile, Apple's pretty clearly realizing the company needs to ease off of its own (often draconian and bizarre) control demands if it's going to get a foothold in the broadcast and TV industry, as the sort of success and control Apple enjoys in wireless simply isn't going to be replicated in cable without some major concessions. Insiders suggest Apple's willing to go the extra mile to get cable operators and broadcasters on board, including sharing more viewer data than Netflix traditionally does:

"The company is willing to share details on who its viewers are, what they watch and when they watch it to entice broadcast networks and others to go along with the service, sources said...Apple, which is known for tightly controlling its ecosystem, is taking a more hands-off approach with programmers, such as letting them decide whether they want to air ads. "They’re allowing a lot more decision-making by the content owner," said one source familiar with the talks, adding that Apple has told potential partners, "It’s up to you, whatever you guys want to do."

Despite a decade of the cable and broadcast industry fighting internet video tooth and nail, 2015 actually appears to be the year internet video gains meaningful traction anyway. Whether that's through Dish's Sling TV, HBO Now or Sony's Playstation Vue, we're finally starting to see some broader choices when it comes to TV packages and pricing. As for Comcast getting in the way of this progress, it's very possible the FCC and DOJ may approve their merger but impose some conditions that they play nice. Of course whether those conditions are intelligent, meaningful or actually enforced is another question entirely.

The Judicial Conference Advisory Committee on Criminal Rules voted 11-1 to modify an arcane federal rule to allow judges more flexibility in how they approve search warrants for electronic data, according to a Justice Department spokesman.

No longer bound by physical jurisdictions, the FBI will be able to perform remote searches all over the globe. This is its "21st century" fix -- a permission slip to implant malicious software in any computer, located anywhere, in order to track suspected criminals. That performing these actions may strain international relationships or break local laws is just the acceptable collateral damage inherent to modern-day crimefighting.

There's still plenty of time left before it goes into effect, and several chances that this rule change might be found to be just as potentially damaging -- both to the Fourth Amendment and rights of citizens in other nations -- as tech companies and privacy advocates are portraying it.

The judicial advisory committee's vote is only the first of several stamps of approval required within the federal judicial branch before the the rule change can formally take place—a process that will likely take over a year. The proposal is now subject to review by the Standing Committee on Rules of Practice and Procedure, which normally can approve amendments at its June meeting. The Judicial Conference is next in line to approve the rule, a move that would likely occur in September.

The Supreme Court would have until May 1, 2016 to review and accept the amendment, which Congress would then have seven months to reject, modify or defer. Absent any congressional action, the rule would take place on Dec. 1, 2016.

While the fight against the rule change will continue, its procession through the next couple of steps will likely be as quiet as its passage by the judicial advisory panel. Those in the position to shut this down are going to find it hard to argue against law enforcement and national security talking points.

Any light shed on "arcane" federal rules and laws should throw a bit on other outdated pieces of legislation, like the CFAA or the Stored Communications Act, which are more in need of an update than Rule 41. Of course, the DOJ likes those the way they are, what with their broad language and deference to law enforcement. Rather than bring American citizens "up to date" with fixes to those bad laws, we'll likely instead receive expanded government power with no corresponding bump for the governed. And as for the rest of the world -- it will be playing by our rules, whether it wants to or not.

from the going-from-bad-to-worse dept

Techdirt has been charting for a while France's descent from a bastion of enlightenment values to a country that seems willing to give up any freedom in the illusory hope of gaining some security. According to a story in Le Figaro, even worse is to come in the shape of a new law (original in French, found via @gchampeau):

[the proposed law] wants to force intermediaries to "detect, using automatic processing, suspicious flows of connection data". Internet service providers as well as platforms like Google, Facebook, Apple and Twitter would themselves have to identify suspicious behavior, according to instructions they have received, and pass the results to investigators. The text does not specify, but this could mean frequent connections to monitored pages.

As well as being extremely vague, none of this "automatic detection" will require a warrant, which means that the scope for abuse and errors will be huge. And then there's this:

The Intelligence bill also addresses the obligations placed on operators and platforms "concerning the decryption of data." More than ever, France is keen to have the [encryption] keys necessary to read intercepted conversations, even if they are protected.

As we've noted before, there is a global push to demonize encryption by presenting it as a "dark place" where bad people can safely hide. What's particularly worrying is that the measures proposed by France are easy to circumvent using client-side encryption. The fear has to be that once the French government realizes that fact, it will then seek to control or ban this form too.

from the meh dept

We just had a story based on the Intercept breaking the fact that the CIA holds an annual hackathon (the CIA calls it a "Jamboree") to come up with new ways to hack secure systems, inviting in various contractors and government agencies. Much of the work is focused on hacking Apple's security, inserting backdoors and generally degrading security and encryption for everyone.

The CIA refused to comment on the Intercept's original story, but the reporters got former FTC official Steven Bellovin to sum it up as:

“Spies gonna spy,” says Steven Bellovin, a former chief technologist for the U.S. Federal Trade Commission and current professor at Columbia University. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.”

"That's what we do," the official said. "CIA collects information overseas, and this is focused on our adversaries, whether they be terrorists or other adversaries."

Except, of course, they don't just spy overseas. The CIA has done domestic spying as well, and the descriptions of the projects don't just impact people overseas. And then there's this one:

"There's a whole world of devices out there, and that's what we're going to do," the official said. "It is what it is."

It is what it is. That's someone who clearly doesn't care one bit about the negative consequences of attacking security and inserting backdoors that can harm everyone, just so long as they can also spy on people they don't like. You know, like the US Senate.

from the great-Apple-wall-of-the-north dept

For years now, customers have been begging HBO to offer a standalone streaming service. Instead, customers got HBO Go, a streaming service only accessible if you can prove you have traditional cable. HBO Go is part of the cable and broadcast industry's "TV Everywhere" initiative -- or the industry's misguided belief that you can thwart cord cutting by building giant walled gardens firmly tethered to traditional cable. Of course this does nothing to actually thwart cord cutting, and only drives customers unwilling to pay cable's endlessly-soaring rates to piracy.

For many years, HBO was hesitant to offer a truly stand alone streaming service, fearing disruption of the cozy, promotion and subsidy-laden relationships it has with cable operators. Late last year HBO finally announced it would offer a standalone HBO service, but didn't provide any hard details.

The good news? HBO has formally announced that it's launching "HBO Now" next month for a $15 monthly fee. The bad news (for some)? The service is going to be an Apple exclusive at launch, meaning that while you can access the service via iOS devices, you're out of luck if you'd like to use the service on a game console, Roku player, Chromecast, or any of the myriad other competing streaming devices. And while you will be able to watch HBO Now content via the new website and any old browser, you can apparently only register for the service using Apple's HBO Now app and an iOS device.

This resulted in many people correctly noting customers are being herded from one walled garden to another:

The press release can't be bothered to mention this, but the exclusive is only for three months, after which HBO Now will be made available on all the usual platforms. Cable providers may also jump in and pitch the service, though many will likely worry they'll only act to cannibalize existing cable subscribers. In other words, we're not exactly talking about the end of the world here, and HBO Now is still part of a welcome sea change toward more standalone streaming options in 2015. If you're still annoyed, just pretend Apple users are beta-testing the service and ironing out the wrinkles ahead of your arrival this summer.

Still, while the exclusive surely nets Apple a nice cash payout, being greeted by a giant wall isn't a great first HBO Now brand impression for Android, Xbox, Playstation, Chromecast or Roku users. Being greeted by that same giant wall also isn't going to do much to keep the "most pirated TV show on television" from being downloaded via BitTorrent. HBO Now's still a welcome change, it's just a shame its market entry has to be polluted by unnecessary, annoying boundaries just to fatten Apple's wallet.

from the the-ijamboree dept

The latest big report from the Intercept is about an annual hackathon, put on by the CIA (which the NSA and others participate in) where they try to hack encrypted systems, with a key focus on Apple products. The CIA calls this its annual "Trusted Computing Base Jamboree." The whole point: how can the CIA undermine trusted computing systems.

If you can't see that, it notes:

As in past years, the Jamboree will be an informal and interactive conference with an emphasis on presentations that provide important information to developers trying to circumvent or exploit new security capabilities.

In other words, rather than seeking to better protect Americans by making sure the security products they use remain secure, this event was about making everyone less safe -- in particular Apple users. The report notes how researchers have undermined Xcode so that the intelligence community can inject backdoors into lots of apps and to reveal private keys (apparently not caring how that makes everyone less secure):

A year later, at the 2012 Jamboree, researchers described their attacks on the software used by developers to create applications for Apple’s popular App Store. In a talk called “Strawhorse: Attacking the MacOS and iOS Software Development Kit,” a presenter from Sandia Labs described a successful “whacking” of Apple’s Xcode — the software used to create apps for iPhones, iPads and Mac computers. Developers who create Apple-approved and distributed apps overwhelmingly use Xcode, a free piece of software easily downloaded from the App Store.

The researchers boasted that they had discovered a way to manipulate Xcode so that it could serve as a conduit for infecting and extracting private data from devices on which users had installed apps that were built with the poisoned Xcode. In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer — potentially millions of people.

The risks for nearly anyone using an Apple product should become pretty clear when you realize what this "whacked" Xcode can do:

“Entice” all Mac applications to create a “remote backdoor” allowing undetected access to an Apple computer.

“Force all iOS applications” to send data from an iPhone or iPad back to a U.S. intelligence “listening post.”

Disable core security features on Apple devices.

While the Jamboree appears mostly focused on Apple products, that's not all. Microsoft's BitLocker encryption was also a target:

Also presented at the Jamboree were successes in the targeting of Microsoft’s disk encryption technology, and the TPM chips that are used to store its encryption keys. Researchers at the CIA conference in 2010 boasted about the ability to extract the encryption keys used by BitLocker and thus decrypt private data stored on the computer. Because the TPM chip is used to protect the system from untrusted software, attacking it could allow the covert installation of malware onto the computer, which could be used to access otherwise encrypted communications and files of consumers.

Again, this suggests a serious problem when you have the same government that's supposed to "protect us" in charge of also hacking into systems. With today's modern technology, the communications technologies that "bad people" use are the same ones that everyone uses. The intelligence community has two choices: protect everyone, or undermine the security of everyone. It has chosen the latter.

“The U.S. government is prioritizing its own offensive surveillance needs over the cybersecurity of the millions of Americans who use Apple products,” says Christopher Soghoian, the principal technologist at the American Civil Liberties Union. “If U.S. government-funded researchers can discover these flaws, it is quite likely that Chinese, Russian and Israeli researchers can discover them, too. By quietly exploiting these flaws rather than notifying Apple, the U.S. government leaves Apple’s customers vulnerable to other sophisticated governments.”

There's been a lot of talk lately about the growing divide between the intelligence community and Silicon Valley. As more stories come out of projects to undermine those companies and the trust they've built with the public, it's only going to get worse.

from the irony dept

Back in January, we pointed out that just after US and EU law enforcement officials started freaking out about mobile encryption and demanding backdoors, that China was also saying that it wanted to require backdoors for itself in encrypted products. Now, President Obama claims he's upset about this, saying that he's spoken directly with China's President Xi Jinping about it:

In an interview with Reuters, Obama said he was concerned about Beijing's plans for a far-reaching counterterrorism law that would require technology firms to hand over encryption keys, the passcodes that help protect data, and install security "backdoors" in their systems to give Chinese authorities surveillance access.

"This is something that I’ve raised directly with President Xi," Obama said. "We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States."

This comes right after the US Trade Rep Michael Froman issued a statement criticizing China for doing the same damn thing that the US DOJ is arguing the US should be doing:

U.S. Trade Representative Michael Froman issued a statement on Thursday criticizing the banking rules, saying they "are not about security – they are about protectionism and favoring Chinese companies".

"The Administration is aggressively working to have China walk back from these troubling regulations," Froman said.

Just last week, Yahoo's chief security officer Alex Stamos raised this exact issue with NSA director Admiral Mike Rogers, asking if Rogers thinks it's appropriate for tech companies to build backdoors for other countries if they build them for the US. Rogers ignored the question, just saying "I think we can work our way through this," which is not an answer. And now we're "working our way through this" by having to deal with other countries, such as China, leaping at this opportunity.

And the week before, President Obama himself claimed that he was all for strong encryption, but argued that there were tradeoffs worth discussing, and that some in his administration believed that demanding backdoors made sense to try to stop terrorist attacks. But it's tough to see how he can claim that it's okay to entertain those ideas on the one hand, while using the other hand to try to slap China for doing the exact same thing.

As security researcher Matthew Green rightly points out, "someday, US officials will look back and realize how much global damage they've enabled with their silly requests for key escrow." But that day is apparently not today.

The administration keeps bleating on and on about how China is a massive cybersecurity "threat" out there, and then hands the country this massive gift by having a kneejerk reaction to better encryption that protects American citizens.

from the what-a-joke dept

Over the last year, there's been plenty of good news in the fight against the abuse of patents to stifle innovation. A bunch of court rulings have gone the right way, with the biggest being the Supreme Court's ruling in the Alice v. CLS Bank case, that has resulted in many courts invalidating patents, the US Patent Office suddenly rejecting more patents and a rapid decline in patent lawsuits.

Based on that, you might think that we no longer need patent reform. But you'd be wrong. Patent trolls are regrouping and fighting back. Despite the big drop in patent lawsuits following the Alice ruling, patent trolls have come up with some new ideas, and have recently ramped up the filing of new trolling lawsuits at a rapid pace. And there have even been a few victories. While the dollar amounts were relatively low (especially compared to what was asked for), a troll who claimed to have a patent over Bluetooth 2.0 (despite "inventing" it years after Bluetooth 2.0 was on the market) was awarded $15.7 million, and the world's biggest patent troll, Intellectual Ventures actually won a case against Symantec (but got "only" $17 million).

But, earlier this week, there was the big one. A pure patent troll, Smartflash, with a collection of vague and broad patents (US 7,334,720, US 8,118,221 and 8,336,772 -- all for "data storage and access systems") has been awarded $532,900,000 from Apple, despite everyone happily admitting that Apple came up with the idea on its own. Here's the East Texas (of course) court jury form:

And, yes, Apple could probably pay that off with the spare change falling off the edge of Tim Cook's desk, but that's not really the point. Rulings like this don't seem to create any value towards actual innovation. Smartflash once had a product, but it failed in the marketplace over a decade ago. Apple built a product that people actually wanted. Shouldn't we be rewarding the people who actually make the things people want, rather than subsidizing failure by the successful?

Smartflash's lawyer told Ars Technica's Joe Mullin that this ruling is actually a "great example of why the patent system exists." Actually, it's a great example of how screwed up the patent system is. The lawyer also spewed this load of bullshit:

The thing about a patent is—let's say you have a university professor who spent two years researching something. It's irrelevant the effort that [an infringing company] spent to build it. It's the person who came up with it first. That's the way the Constitution, and the patent laws, are written. It's designed to cause people to spend money and time innovating. The patent office publishes it, so that advances the state of the art. In exchange for that, you get a property right.

That's also not how the Constitution is written, though it is (unfortunately) how patent laws are written. But that's not a way to get people to spend "money and time innovating" because the actual innovators here -- Apple -- had to pay out to the guy who failed in innovating. Being "first" isn't innovating. Building the product someone wants is.

Either way, Apple will appeal this ruling (and those other rulings are likely to be appealed as well). And in the last few months, CAFC has actually been shown to have gotten the message about problems with its previous interpretation of patent law. But, in the meantime, we still need serious patent reform.

from the let's-end-this-now dept

Over the last few months, ever since both Apple and Google announced plans to encrypt data on iOS and Android devices by default, there's been a ridiculous amount of hand-wringing from the law enforcement community about requiring backdoors, golden keys and magic fairy dust that will allow law enforcement to decrypt the information on your phone... or children will die, even though they actually won't.

And, of course, yesterday, the Intercept had its big story about how the NSA (with an assist from GCHQ) hacked its way to get access to the encryption keys used on SIM cards on basically all the mobile phones out there, giving those intelligence agencies easy (warrant-free!) access to conversations that most people thought had at least some encryption. These two stories may not seem to be directly connected (we're talking about different kinds of encryption for different things), but in writing about the SIM card story, Julian Sanchez at Cato makes a really good point about why the Gemalto hack underscores why backdoors are a horrendously bad idea: they create a central point of attack to undermine all the security that people rely on.

Finally, this is one more demonstration that proposals to require telecommunications providers and device manufacturers to build law enforcement backdoors in their products are a terrible, terrible idea. As security experts have rightly insisted all along, requiring companies to keep a repository of keys to unlock those backdoors makes the key repository itself a prime target for the most sophisticated attackers—like NSA and GCHQ. It would be both arrogant and foolhardy in the extreme to suppose that only “good” attackers will be successful in these efforts.

It would be nice to see that the revelation of the NSA undermining one use of encryption led people to realize the stupidity of undermining other forms of encryption, but somehow, it seems likely that our law enforcement community won't quite comprehend that message.